[RHSA-2020:1068] squid security and bug fix update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024)
squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027)
squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7 | < 3.5.20-15.el7 |
pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7 | < 3.5.20-15.el7 |
- ID
- RHSA-2020:1068
- Severity
- moderate
- URL
- https://access.redhat.com/errata/RHSA-2020:1068
- Published
-
2020-03-31T00:00:00
(4 years ago) - Modified
-
2020-03-31T00:00:00
(4 years ago) - Rights
- Copyright 2020 Red Hat, Inc.
- Other Advisories
-
- ALAS-2018-1081
- ALAS-2020-1386
- ALAS2-2020-1448
- ALPINE:CVE-2018-1000024
- ALPINE:CVE-2018-1000027
- ALPINE:CVE-2019-13345
- ALSA-2019:3476
- DSA-4122-1
- DSA-4507-1
- ELSA-2020-1068
- FEDORA-2018-4fabf63492
- FEDORA-2019-c1e06901bc
- FEDORA-2019-cb50bcc189
- FREEBSD:D5B6D151-1887-11E8-94F7-9C5C8E75236A
- openSUSE-SU-2019:1963-1
- openSUSE-SU-2019:2540-1
- openSUSE-SU-2019:2541-1
- RHSA-2019:3476
- RLSA-2019:3476
- SUSE-SU-2018:0636-1
- SUSE-SU-2018:0752-1
- SUSE-SU-2019:2089-1
- SUSE-SU-2019:2089-2
- SUSE-SU-2019:2092-1
- SUSE-SU-2019:2975-1
- SUSE-SU-2019:3067-1
- USN-3557-1
- USN-4059-1
- USN-4059-2
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1536939 | https://bugzilla.redhat.com/1536939 | |
Bugzilla | 1536942 | https://bugzilla.redhat.com/1536942 | |
Bugzilla | 1727744 | https://bugzilla.redhat.com/1727744 | |
RHSA | RHSA-2020:1068 | https://access.redhat.com/errata/RHSA-2020:1068 | |
CVE | CVE-2018-1000024 | https://access.redhat.com/security/cve/CVE-2018-1000024 | |
CVE | CVE-2018-1000027 | https://access.redhat.com/security/cve/CVE-2018-1000027 | |
CVE | CVE-2019-13345 | https://access.redhat.com/security/cve/CVE-2019-13345 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7 | redhat | squid | < 3.5.20-15.el7 | redhat-7 | x86_64 | |
Affected | pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7 | redhat | squid | < 3.5.20-15.el7 | redhat-7 | s390x | |
Affected | pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7 | redhat | squid | < 3.5.20-15.el7 | redhat-7 | ppc64le | |
Affected | pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7 | redhat | squid | < 3.5.20-15.el7 | redhat-7 | ppc64 | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7 | redhat | squid-sysvinit | < 3.5.20-15.el7 | redhat-7 | x86_64 | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7 | redhat | squid-sysvinit | < 3.5.20-15.el7 | redhat-7 | s390x | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7 | redhat | squid-sysvinit | < 3.5.20-15.el7 | redhat-7 | ppc64le | |
Affected | pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7 | redhat | squid-sysvinit | < 3.5.20-15.el7 | redhat-7 | ppc64 | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7 | redhat | squid-migration-script | < 3.5.20-15.el7 | redhat-7 | x86_64 | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7 | redhat | squid-migration-script | < 3.5.20-15.el7 | redhat-7 | s390x | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7 | redhat | squid-migration-script | < 3.5.20-15.el7 | redhat-7 | ppc64le | |
Affected | pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7 | redhat | squid-migration-script | < 3.5.20-15.el7 | redhat-7 | ppc64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |